Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2024 Greenbone AGOPENVAS:1361412562310170755
HistoryApr 18, 2024 - 12:00 a.m.

Oracle MySQL Server 8.x <= 8.0.36, 8.1.x <= 8.3.0 Security Update (cpuapr2024) - Windows

2024-04-1800:00:00
Copyright (C) 2024 Greenbone AG
plugins.openvas.org
8
oracle
mysql
server
security update
windows
vulnerabilities
version 8.0.36
version 8.3.0
cve-2023-6129
cve-2024-20994
cve-2024-21047
cve-2024-21069
cve-2024-0727

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.8%

JSON

Oracle MySQL Server is prone to multiple vulnerabilities.

# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:oracle:mysql";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.170755");
  script_version("2024-04-19T15:38:40+0000");
  script_tag(name:"last_modification", value:"2024-04-19 15:38:40 +0000 (Fri, 19 Apr 2024)");
  script_tag(name:"creation_date", value:"2024-04-18 11:00:44 +0000 (Thu, 18 Apr 2024)");
  script_tag(name:"cvss_base", value:"6.1");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:H/Au:N/C:N/I:P/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2024-01-23 21:32:01 +0000 (Tue, 23 Jan 2024)");

  script_cve_id("CVE-2023-6129", "CVE-2024-20994", "CVE-2024-21047", "CVE-2024-21069",
                "CVE-2024-21060", "CVE-2024-21087", "CVE-2024-20998", "CVE-2024-21009",
                "CVE-2024-21054", "CVE-2024-21062", "CVE-2024-21102", "CVE-2024-21096",
                "CVE-2024-21008", "CVE-2024-21013", "CVE-2024-21000", "CVE-2023-5678",
                "CVE-2024-0727");

  script_tag(name:"qod_type", value:"remote_banner");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("Oracle MySQL Server 8.x <= 8.0.36, 8.1.x <= 8.3.0 Security Update (cpuapr2024) - Windows");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2024 Greenbone AG");
  script_family("Databases");
  script_dependencies("mysql_version.nasl", "os_detection.nasl");
  script_mandatory_keys("oracle/mysql/detected", "Host/runs_windows");

  script_tag(name:"summary", value:"Oracle MySQL Server is prone to multiple vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"affected", value:"Oracle MySQL Server version 8.x through 8.0.36 and version
  8.1.x through 8.3.0.");

  script_tag(name:"solution", value:"Update to version 8.0.37, 8.3.1 or later.");

  script_xref(name:"URL", value:"https://www.oracle.com/security-alerts/cpuapr2024.html#AppendixMSQL");
  script_xref(name:"Advisory-ID", value:"cpuapr2024");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if (isnull(port = get_app_port(cpe: CPE)))
  exit(0);

if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))
  exit(0);

version = infos["version"];
location = infos["location"];

if (version_in_range(version: version, test_version: "8.0", test_version2: "8.0.36")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "8.0.37", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range(version: version, test_version: "8.1", test_version2: "8.3.0")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "8.3.1", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

exit(99);

Related

openvas 28
nessus 34
f5 9
mageia 2
osv 8
cloudfoundry 1
ubuntu 3
ibm 7
ubuntucve 16
cve 15
photon 1
cnvd 4
redhatcve 16
redhat 1
cvelist 15
debiancve 16
oraclelinux 1
almalinux 1
alpinelinux 2
slackware 1
aix 1
cbl_mariner 6
github 1
cgr 1
prion 2
veracode 2
openssl 2
amazon 2
freebsd 1
openvas
openvas
Oracle MySQL Server 8.x <= 8.0.36, 8.1.x <= 8.3.0 Security Update (cpuapr2024) - Linux
2024-04-18 00:00:00
Ubuntu: Security Advisory (USN-6622-1)
2024-02-06 00:00:00
Mageia: Security Advisory (MGASA-2024-0036)
2024-02-15 00:00:00
nessus
nessus
Oracle MySQL Server 8.x < 8.4.0 (April 2024 CPU)
2024-04-19 00:00:00
Oracle MySQL Server 8.0.x < 8.0.37 (April 2024 CPU)
2024-04-19 00:00:00
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : OpenSSL vulnerabilities (USN-6622-1)
2024-02-05 00:00:00
f5
f5
K000139618: MySQL vulnerabilities CVE-2024-21054, CVE-2024-21009, CVE-2024-20993, and CVE-2024-21102
2024-05-15 00:00:00
K000139607: MySQL Server vulnerabilities CVE-2024-21013 and CVE-2024-21062
2024-05-14 00:00:00
K000139668: MySQL Server vulnerabilities CVE-2024-21000 and CVE-2024-21008
2024-05-17 00:00:00
mageia
mageia
Updated quictls packages fix security vulnerabilities
2024-02-15 02:02:34
Updated openssl packages fix security vulnerabilities
2024-02-04 05:49:27
osv
osv
openssl vulnerabilities
2024-02-05 12:18:56
openssl vulnerabilities
2024-02-13 10:29:56
Low: openssl and openssl-fips-provider security update
2024-04-30 00:00:00
cloudfoundry
cloudfoundry
USN-6622-1: OpenSSL vulnerabilities | Cloud Foundry
2024-02-29 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2024-02-05 00:00:00
OpenSSL vulnerabilities
2024-02-13 00:00:00
OpenSSL vulnerabilities
2024-03-21 00:00:00
ibm
ibm
Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to OpenSSL [CVE-2023-5678, CVE-2023-6129]
2024-03-15 13:36:51
Security Bulletin: AIX is vulnerable to a denial of service (CVE-2023-5678, CVE-2023-6129, CVE-2023-6237) and an attacker may obtain sensitive information (CVE-2023-5363) due to OpenSSL
2024-01-25 21:15:41
Security Bulletin: IBM Rational® Application Developer for WebSphere® Software is vulnerable to a denial of service
2024-05-13 23:54:25
ubuntucve
ubuntucve
CVE-2024-21000
2024-04-16 00:00:00
CVE-2024-21069
2024-04-16 00:00:00
CVE-2024-21047
2024-04-16 00:00:00
cve
cve
CVE-2024-21054
2024-04-16 22:15:22
CVE-2024-21069
2024-04-16 22:15:25
CVE-2024-20994
2024-04-16 22:15:12
photon
photon
Moderate Photon OS Security Update - PHSA-2024-3.0-0721
2024-02-05 00:00:00
cnvd
cnvd
Unspecified Vulnerability in Oracle MySQL (CNVD-2024-20436)
2024-04-18 00:00:00
Oracle MySQL Denial of Service Vulnerability (CNVD-2024-19018)
2024-04-18 00:00:00
Oracle MySQL Denial of Service Vulnerability (CNVD-2024-19009)
2024-04-18 00:00:00
redhatcve
redhatcve
CVE-2024-21054
2024-04-23 09:05:49
CVE-2024-20998
2024-04-23 09:05:31
CVE-2024-20994
2024-04-23 09:05:26
redhat
redhat
(RHSA-2024:2447) Low: openssl and openssl-fips-provider security update
2024-04-30 06:15:44
cvelist
cvelist
CVE-2024-21013
2024-04-16 21:26:02
CVE-2024-20998
2024-04-16 21:25:57
CVE-2024-21060
2024-04-16 21:26:18
debiancve
debiancve
CVE-2024-20998
2024-04-16 22:15:13
CVE-2024-21000
2024-04-16 22:15:13
CVE-2024-20994
2024-04-16 22:15:12
oraclelinux
oraclelinux
openssl and openssl-fips-provider security update
2024-05-03 00:00:00
almalinux
almalinux
Low: openssl and openssl-fips-provider security update
2024-04-30 00:00:00
alpinelinux
alpinelinux
CVE-2024-21096
2024-04-16 22:15:30
CVE-2023-6129
2024-01-09 17:15:12
slackware
slackware
[slackware-security] mariadb
2024-05-20 18:48:17
aix
aix
AIX is vulnerable to a denial of service (CVE-2023-5678 CVE-2023-6129 CVE-2023-6237) and an attacker may obtain sensitive information (CVE-2023-5363) due to OpenSSL
2024-01-25 14:11:09
cbl_mariner
cbl_mariner
CVE-2024-0727 affecting package openssl for versions less than 1.1.1k-29
2024-05-17 21:38:35
CVE-2023-6129 affecting package openssl for versions less than 3.3.0-1
2024-05-17 21:38:35
CVE-2024-0727 affecting package openssl for versions less than 1.1.1k-29
2024-05-21 09:07:23
github
github
Null pointer dereference in PKCS12 parsing
2024-01-26 09:30:23
cgr
cgr
CVE-2024-0727 vulnerabilities
2024-05-19 03:07:16
prion
prion
Null pointer dereference
2024-01-26 09:15:00
Design/Logic Flaw
2024-01-09 17:15:00
veracode
veracode
Denial Of Service
2024-01-30 20:23:38
Out-of-bounds Write
2024-01-30 19:15:17
openssl
openssl
Vulnerability in OpenSSL CVE-2024-0727
2024-01-25 00:00:00
Vulnerability in OpenSSL CVE-2023-6129
2024-01-09 00:00:00
amazon
amazon
Low: openssl
2024-02-29 10:03:00
Low: openssl11
2024-02-29 10:03:00
freebsd
freebsd
OpenSSL -- Vector register corruption on PowerPC
2024-01-09 00:00:00

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.8%

JSON
Related for OPENVAS:1361412562310170755
openvas28nessus34f59mageia2osv8cloudfoundry1ubuntu3ibm7ubuntucve16cve15photon1cnvd4redhatcve16redhat1cvelist15debiancve16oraclelinux1almalinux1alpinelinux2slackware1aix1cbl_mariner6github1cgr1prion2veracode2openssl2amazon2freebsd1